Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!samsung!olivea!uunet!munnari.oz.au!uniwa!DIALix!metapro!bernie
From: bernie@metapro.DIALix.oz.au (Bernd Felsche)
Newsgroups: comp.unix.amiga
Subject: Secure floppy filesyetms (was Re: interesting feature on AMIX..)
Keywords: MOUNT FLOPPY SECURITY
Message-ID: <1991Jun21.031301.7238@metapro.DIALix.oz.au>
Date: 21 Jun 91 03:13:01 GMT
References: <13706@mentor.cc.purdue.edu> <1991Jun19.204906.19339@dvorak.amd.com> <1991Jun20.165331.4604@convex.com> <319@devnull.mpd.tandem.com>
Organization: MetaPro Systems, Perth, Western Australia
Lines: 22

In <319@devnull.mpd.tandem.com> lance@mpd.tandem.com (Lance Hartmann) writes:

>Forgive my ignorance, but what do you mean by "scanning the inodes"?  Yes,
>I know what an inode is, but I'm curious as to your procedure.  I guess

I'm relying on System V.3 Unix here, but I suspect that not much has
changed: ncheck(8) has all the gruesome details. The "-s" option scans
for special files and setuid files.

>you could read the raw floppy device, check the super block, etc.
>before mounting, but is there a EASY, KNOWN way for checking the stat's of the
>raw contents?  For example, you'd certainly want to make sure that there
>weren't ANY files with setuid/setgid bits set (particularly, root owned!).
>I know that all the info would be there, but am wondering how easy/difficult
>it would be to do this....

Simple :-) Almost trivial. ncheck will even pick up naughty devices.
-- 
Bernd Felsche,                 _--_|\   #include <std/disclaimer.h>
Metapro Systems,              / sold \  Fax:   +61 9 472 3337
328 Albany Highway,           \_.--._/  Phone: +61 9 362 9355
Victoria Park,  Western Australia   v   Email: bernie@metapro.DIALix.oz.au